What is our primary use case?
We use it for Log Management and also for another bit of management. It feeds data into Splunk and Splunk writes the rules and based on that, it will pick up incidents.
It is good from a cost perspective, in terms of the cost of the data you're looking at. There is no cost barrier.
What is most valuable?
For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective.
What needs improvement?
The only thing I would say is an issue is the cost. It matches other products. The costs can be justified for the value that we gain. The entire threat analysis stack should come in a bundle. If the cost was matchable with other products I think Splunk would pick up in the market.
I did evaluate other products and installations. I can't compare it to Splunk.
For how long have I used the solution?
I have been using Splunk Cloud for a year.
What do I think about the scalability of the solution?
There are two people who are part of admin that use Splunk in my company.
We have a policy where we have to keep the domain controllers on lock with sensitive servers for about 90 days. We look at the controls around once a week to check if they need to be attended to.
How are customer service and technical support?
We initially contacted their support during the implementation. It was not for a very complex issue. It was more for a consultation.
Their support is good.
How was the initial setup?
I was new to Splunk and had a problem with understanding the forwarders and worker safety management.
My team was able to install it themselves.
In terms of how long it took to deploy, between coding, testing, and other things, it took about four weeks to complete the project to complete the initial installation. Altogether it was four to five weeks. They should improve the customization.
Which other solutions did I evaluate?
Splunk is a leader in its market.
Splunk offers more features than its competitors. Other solutions are not on the same level to be able to compare them.
What other advice do I have?
I would rate Splunk a nine out of ten.
The queries and pulling out the exact reports are a little challenging. I get complaints about it. I would like to see more reports or default out-of-the-box reports. That would be more useful, and then people can avoid writing inquiries.